All the vulnerabilites related to veritas - netbackup
cve-2023-28758
Vulnerability from cvelistv5
Published
2023-03-23 00:00
Modified
2024-08-02 13:51
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:37.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS23-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:N/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-23T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.veritas.com/content/support/en_US/security/VTS23-003"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28758",
"datePublished": "2023-03-23T00:00:00",
"dateReserved": "2023-03-23T00:00:00",
"dateUpdated": "2024-08-02T13:51:37.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6402
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96485 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96485",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96485"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96485",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96485"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96485"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6402",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0991
Vulnerability from cvelistv5
Published
2006-03-28 00:00
Modified
2024-08-07 16:56
Severity ?
EPSS score ?
Summary
Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted "Request Service" packets to the vnetd service (TCP port 13724).
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1015832 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/17264 | vdb-entry, x_refsource_BID | |
| http://seer.support.veritas.com/docs/281521.htm | x_refsource_CONFIRM | |
| http://secunia.com/advisories/19417 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/1124 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25473 | vdb-entry, x_refsource_XF | |
| http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/428979/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.tippingpoint.com/security/advisories/TSRT-06-01.html | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/377441 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:14.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015832"
},
{
"name": "17264",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17264"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.support.veritas.com/docs/281521.htm"
},
{
"name": "19417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19417"
},
{
"name": "ADV-2006-1124",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1124"
},
{
"name": "netbackup-vnetd-bo(25473)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25473"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html"
},
{
"name": "20060327 TSRT-06-01: Symantec VERITAS NetBackup vnetd Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/428979/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-01.html"
},
{
"name": "VU#377441",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/377441"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted \"Request Service\" packets to the vnetd service (TCP port 13724)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015832"
},
{
"name": "17264",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17264"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.support.veritas.com/docs/281521.htm"
},
{
"name": "19417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19417"
},
{
"name": "ADV-2006-1124",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1124"
},
{
"name": "netbackup-vnetd-bo(25473)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25473"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html"
},
{
"name": "20060327 TSRT-06-01: Symantec VERITAS NetBackup vnetd Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/428979/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-01.html"
},
{
"name": "VU#377441",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/377441"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted \"Request Service\" packets to the vnetd service (TCP port 13724)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015832",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015832"
},
{
"name": "17264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17264"
},
{
"name": "http://seer.support.veritas.com/docs/281521.htm",
"refsource": "CONFIRM",
"url": "http://seer.support.veritas.com/docs/281521.htm"
},
{
"name": "19417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19417"
},
{
"name": "ADV-2006-1124",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1124"
},
{
"name": "netbackup-vnetd-bo(25473)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25473"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html"
},
{
"name": "20060327 TSRT-06-01: Symantec VERITAS NetBackup vnetd Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428979/100/0/threaded"
},
{
"name": "http://www.tippingpoint.com/security/advisories/TSRT-06-01.html",
"refsource": "MISC",
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-01.html"
},
{
"name": "VU#377441",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/377441"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0991",
"datePublished": "2006-03-28T00:00:00",
"dateReserved": "2006-03-03T00:00:00",
"dateUpdated": "2024-08-07T16:56:14.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6406
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96486 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96486",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96486"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with \"../\" substrings, can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96486",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96486"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with \"../\" substrings, can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96486"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6406",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-36169
Vulnerability from cvelistv5
Published
2021-01-06 00:50
Modified
2024-08-04 17:23
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an affected path with a library that the Veritas product attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability affects master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade and post-install during normal operations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:09.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an affected path with a library that the Veritas product attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability affects master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade and post-install during normal operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T00:50:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-36169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an affected path with a library that the Veritas product attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability affects master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade and post-install during normal operations."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-36169",
"datePublished": "2021-01-06T00:50:59",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-04T17:23:09.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42301
Vulnerability from cvelistv5
Published
2022-10-03 14:49
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-013#M1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:45.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-013#M1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:L/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T14:49:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-013#M1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-42301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:L/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-013#M1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-013#M1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42301",
"datePublished": "2022-10-03T14:49:13",
"dateReserved": "2022-10-03T00:00:00",
"dateUpdated": "2024-08-03T13:03:45.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36949
Vulnerability from cvelistv5
Published
2022-07-27 21:00
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-27T21:00:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue5",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36949",
"datePublished": "2022-07-27T21:00:48",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6409
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96504 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037950 | vdb-entry, x_refsource_SECTRACK | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96504",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96504"
},
{
"name": "1037950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037950"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96504",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96504"
},
{
"name": "1037950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037950"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96504",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96504"
},
{
"name": "1037950",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037950"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6409",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6407
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1037950 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/96489 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1"
},
{
"name": "1037950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037950"
},
{
"name": "96489",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96489"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1"
},
{
"name": "1037950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037950"
},
{
"name": "96489",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96489"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1"
},
{
"name": "1037950",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037950"
},
{
"name": "96489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96489"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6407",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1389
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ciac.org/ciac/bulletins/p-020.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17811 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/12901/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.kb.cert.org/vuls/id/685456 | third-party-advisory, x_refsource_CERT-VN | |
| http://seer.support.veritas.com/docs/271727.htm | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/11494 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "P-020",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/p-020.shtml"
},
{
"name": "nebackup-bpjavasusvc-gain-privileges(17811)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17811"
},
{
"name": "12901",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12901/"
},
{
"name": "VU#685456",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/685456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.support.veritas.com/docs/271727.htm"
},
{
"name": "11494",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11494"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "P-020",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/p-020.shtml"
},
{
"name": "nebackup-bpjavasusvc-gain-privileges(17811)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17811"
},
{
"name": "12901",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12901/"
},
{
"name": "VU#685456",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/685456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.support.veritas.com/docs/271727.htm"
},
{
"name": "11494",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11494"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "P-020",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-020.shtml"
},
{
"name": "nebackup-bpjavasusvc-gain-privileges(17811)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17811"
},
{
"name": "12901",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12901/"
},
{
"name": "VU#685456",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/685456"
},
{
"name": "http://seer.support.veritas.com/docs/271727.htm",
"refsource": "CONFIRM",
"url": "http://seer.support.veritas.com/docs/271727.htm"
},
{
"name": "11494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11494"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1389",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-01-31T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36996
Vulnerability from cvelistv5
Published
2022-07-28 00:51
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m6 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:51:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36996",
"datePublished": "2022-07-28T00:51:09",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37000
Vulnerability from cvelistv5
Published
2022-07-28 00:47
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:47:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37000",
"datePublished": "2022-07-28T00:47:45",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36954
Vulnerability from cvelistv5
Published
2022-07-27 20:58
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-27T20:58:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36954",
"datePublished": "2022-07-27T20:58:39",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36999
Vulnerability from cvelistv5
Published
2022-07-28 00:48
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:48:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36999",
"datePublished": "2022-07-28T00:48:49",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42308
Vulnerability from cvelistv5
Published
2022-10-03 14:48
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-010#C1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:45.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-010#C1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:N/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T14:48:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-010#C1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-42308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:N/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-010#C1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-010#C1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42308",
"datePublished": "2022-10-03T14:48:07",
"dateReserved": "2022-10-03T00:00:00",
"dateUpdated": "2024-08-03T13:03:45.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6551
Vulnerability from cvelistv5
Published
2016-05-07 14:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS16-001.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1035704 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"name": "1035704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035704"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"name": "1035704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035704"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-6551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"name": "1035704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035704"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2015-6551",
"datePublished": "2016-05-07T14:00:00",
"dateReserved": "2015-08-21T00:00:00",
"dateUpdated": "2024-08-06T07:22:22.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36956
Vulnerability from cvelistv5
Published
2022-07-27 20:57
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. The affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. The affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-27T20:57:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. The affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:R",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36956",
"datePublished": "2022-07-27T20:57:47",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8858
Vulnerability from cvelistv5
Published
2017-05-09 21:00
Modified
2024-08-05 16:48
Severity ?
EPSS score ?
Summary
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98381 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3"
},
{
"name": "98381",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98381"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the \u0027bprd\u0027 process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-11T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3"
},
{
"name": "98381",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98381"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the \u0027bprd\u0027 process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3"
},
{
"name": "98381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98381"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8858",
"datePublished": "2017-05-09T21:00:00",
"dateReserved": "2017-05-09T00:00:00",
"dateUpdated": "2024-08-05T16:48:22.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6403
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96500 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96500",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96500"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96500",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96500"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96500"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6403",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42307
Vulnerability from cvelistv5
Published
2022-10-03 14:48
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-012#M2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:45.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-012#M2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T14:48:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-012#M2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-42307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:N/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-012#M2",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-012#M2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42307",
"datePublished": "2022-10-03T14:48:17",
"dateReserved": "2022-10-03T00:00:00",
"dateUpdated": "2024-08-03T13:03:45.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6552
Vulnerability from cvelistv5
Published
2016-05-07 14:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS16-001.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1035704 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"name": "1035704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035704"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"name": "1035704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035704"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-6552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"name": "1035704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035704"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2015-6552",
"datePublished": "2016-05-07T14:00:00",
"dateReserved": "2015-08-21T00:00:00",
"dateUpdated": "2024-08-06T07:22:22.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36997
Vulnerability from cvelistv5
Published
2022-07-28 00:50
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h9 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:50:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36997",
"datePublished": "2022-07-28T00:50:36",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36984
Vulnerability from cvelistv5
Published
2022-07-28 00:57
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h8 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36984",
"datePublished": "2022-07-28T00:57:02",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6401
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96493 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96493"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96493"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96493"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6401",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6404
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96494 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96494",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96494"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96494",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96494"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96494"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6404",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36986
Vulnerability from cvelistv5
Published
2022-07-28 00:56
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:56:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36986",
"datePublished": "2022-07-28T00:56:03",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36994
Vulnerability from cvelistv5
Published
2022-07-28 00:52
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:52:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36994",
"datePublished": "2022-07-28T00:52:07",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6550
Vulnerability from cvelistv5
Published
2016-05-07 14:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS16-001.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1035704 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"name": "1035704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035704"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"name": "1035704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035704"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-6550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"name": "1035704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035704"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2015-6550",
"datePublished": "2016-05-07T14:00:00",
"dateReserved": "2015-08-21T00:00:00",
"dateUpdated": "2024-08-06T07:22:22.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8856
Vulnerability from cvelistv5
Published
2017-05-09 21:00
Modified
2024-08-05 16:48
Severity ?
EPSS score ?
Summary
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98379 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98379",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the \u0027bprd\u0027 process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-11T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "98379",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the \u0027bprd\u0027 process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98379",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98379"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8856",
"datePublished": "2017-05-09T21:00:00",
"dateReserved": "2017-05-09T00:00:00",
"dateUpdated": "2024-08-05T16:48:22.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0989
Vulnerability from cvelistv5
Published
2006-03-28 00:00
Modified
2024-08-07 16:56
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the volume manager daemon (vmd) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1015832 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/17264 | vdb-entry, x_refsource_BID | |
| http://seer.support.veritas.com/docs/281521.htm | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2006/1124 | vdb-entry, x_refsource_VUPEN | |
| http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html | x_refsource_CONFIRM | |
| http://www.kb.cert.org/vuls/id/880801 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.osvdb.org/24172 | vdb-entry, x_refsource_OSVDB | |
| http://www.zerodayinitiative.com/advisories/ZDI-06-005.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/428944/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/639 | third-party-advisory, x_refsource_SREASON | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25471 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015832"
},
{
"name": "17264",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17264"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.support.veritas.com/docs/281521.htm"
},
{
"name": "ADV-2006-1124",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1124"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html"
},
{
"name": "VU#880801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/880801"
},
{
"name": "24172",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-005.html"
},
{
"name": "20060327 ZDI-06-005: Symantec VERITAS NetBackup Volume Manager Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/428944/100/0/threaded"
},
{
"name": "639",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/639"
},
{
"name": "netbackup-vmd-sscanf-bo(25471)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25471"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the volume manager daemon (vmd) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015832"
},
{
"name": "17264",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17264"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.support.veritas.com/docs/281521.htm"
},
{
"name": "ADV-2006-1124",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1124"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html"
},
{
"name": "VU#880801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/880801"
},
{
"name": "24172",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-005.html"
},
{
"name": "20060327 ZDI-06-005: Symantec VERITAS NetBackup Volume Manager Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/428944/100/0/threaded"
},
{
"name": "639",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/639"
},
{
"name": "netbackup-vmd-sscanf-bo(25471)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25471"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the volume manager daemon (vmd) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015832",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015832"
},
{
"name": "17264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17264"
},
{
"name": "http://seer.support.veritas.com/docs/281521.htm",
"refsource": "CONFIRM",
"url": "http://seer.support.veritas.com/docs/281521.htm"
},
{
"name": "ADV-2006-1124",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1124"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html"
},
{
"name": "VU#880801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/880801"
},
{
"name": "24172",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24172"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-005.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-005.html"
},
{
"name": "20060327 ZDI-06-005: Symantec VERITAS NetBackup Volume Manager Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428944/100/0/threaded"
},
{
"name": "639",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/639"
},
{
"name": "netbackup-vmd-sscanf-bo(25471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25471"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0989",
"datePublished": "2006-03-28T00:00:00",
"dateReserved": "2006-03-03T00:00:00",
"dateUpdated": "2024-08-07T16:56:15.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36950
Vulnerability from cvelistv5
Published
2022-07-27 21:00
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:31.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-27T21:00:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue3",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36950",
"datePublished": "2022-07-27T21:00:20",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-08-03T10:21:31.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42304
Vulnerability from cvelistv5
Published
2022-10-03 14:48
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-011#H2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:45.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-011#H2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T14:48:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-011#H2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-42304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-011#H2",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-011#H2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42304",
"datePublished": "2022-10-03T14:48:42",
"dateReserved": "2022-10-03T00:00:00",
"dateUpdated": "2024-08-03T13:03:45.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42299
Vulnerability from cvelistv5
Published
2022-10-03 14:49
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-012#M3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:45.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-012#M3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T14:49:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-012#M3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-42299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-012#M3",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-012#M3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42299",
"datePublished": "2022-10-03T14:49:28",
"dateReserved": "2022-10-03T00:00:00",
"dateUpdated": "2024-08-03T13:03:45.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36993
Vulnerability from cvelistv5
Published
2022-07-28 00:52
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:52:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36993",
"datePublished": "2022-07-28T00:52:38",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42305
Vulnerability from cvelistv5
Published
2022-10-03 14:48
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-012#M1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:45.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-012#M1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T14:48:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-012#M1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-42305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:N/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-012#M1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-012#M1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42305",
"datePublished": "2022-10-03T14:48:35",
"dateReserved": "2022-10-03T00:00:00",
"dateUpdated": "2024-08-03T13:03:45.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36987
Vulnerability from cvelistv5
Published
2022-07-28 00:55
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:55:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36987",
"datePublished": "2022-07-28T00:55:34",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36989
Vulnerability from cvelistv5
Published
2022-07-28 00:54
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:54:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36989",
"datePublished": "2022-07-28T00:54:44",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42302
Vulnerability from cvelistv5
Published
2022-10-03 14:49
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-011#C1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:45.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-011#C1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T14:49:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-011#C1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-42302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-011#C1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-011#C1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42302",
"datePublished": "2022-10-03T14:49:05",
"dateReserved": "2022-10-03T00:00:00",
"dateUpdated": "2024-08-03T13:03:45.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42303
Vulnerability from cvelistv5
Published
2022-10-03 14:48
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-011#H1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:45.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-011#H1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T14:48:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-011#H1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-42303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-011#H1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-011#H1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42303",
"datePublished": "2022-10-03T14:48:58",
"dateReserved": "2022-10-03T00:00:00",
"dateUpdated": "2024-08-03T13:03:45.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-41570
Vulnerability from cvelistv5
Published
2022-04-19 12:38
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/support/en_US/security | x_refsource_MISC | |
| https://www.veritas.com/content/support/en_US/security/VTS22-007 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:28.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/support/en_US/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T12:38:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/support/en_US/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/support/en_US/security",
"refsource": "MISC",
"url": "https://www.veritas.com/support/en_US/security"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-007",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41570",
"datePublished": "2022-04-19T12:38:27",
"dateReserved": "2021-09-23T00:00:00",
"dateUpdated": "2024-08-04T03:15:28.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6405
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96488 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7"
},
{
"name": "96488",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7"
},
{
"name": "96488",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96488"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7"
},
{
"name": "96488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6405",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36998
Vulnerability from cvelistv5
Published
2022-07-28 00:49
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:49:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36998",
"datePublished": "2022-07-28T00:49:24",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36948
Vulnerability from cvelistv5
Published
2022-07-27 21:01
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue7 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:L/S:C/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-27T21:01:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue7"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:L/S:C/UI:R",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue7",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue7"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36948",
"datePublished": "2022-07-27T21:01:05",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36951
Vulnerability from cvelistv5
Published
2022-07-27 20:59
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-27T20:59:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue2",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36951",
"datePublished": "2022-07-27T20:59:55",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36953
Vulnerability from cvelistv5
Published
2022-07-27 20:59
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue8 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-27T20:59:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue8",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36953",
"datePublished": "2022-07-27T20:59:09",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36990
Vulnerability from cvelistv5
Published
2022-07-28 00:54
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#c2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:54:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36990",
"datePublished": "2022-07-28T00:54:19",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36955
Vulnerability from cvelistv5
Published
2022-07-27 20:58
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-27T20:58:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:R",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue2",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36955",
"datePublished": "2022-07-27T20:58:09",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36985
Vulnerability from cvelistv5
Published
2022-07-28 00:56
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h7 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:56:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36985",
"datePublished": "2022-07-28T00:56:33",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36992
Vulnerability from cvelistv5
Published
2022-07-28 00:53
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#c1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:53:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36992",
"datePublished": "2022-07-28T00:53:07",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28759
Vulnerability from cvelistv5
Published
2023-03-23 00:00
Modified
2024-08-02 13:51
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:37.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS23-006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-29T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.veritas.com/content/support/en_US/security/VTS23-006"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28759",
"datePublished": "2023-03-23T00:00:00",
"dateReserved": "2023-03-23T00:00:00",
"dateUpdated": "2024-08-02T13:51:37.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0990
Vulnerability from cvelistv5
Published
2006-03-28 00:00
Modified
2024-08-07 16:56
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1015832 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/17264 | vdb-entry, x_refsource_BID | |
| http://seer.support.veritas.com/docs/281521.htm | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/428992/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25472 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/19417 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/1124 | vdb-entry, x_refsource_VUPEN | |
| http://www.kb.cert.org/vuls/id/744137 | third-party-advisory, x_refsource_CERT-VN | |
| http://securityreason.com/securityalert/642 | third-party-advisory, x_refsource_SREASON | |
| http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html | x_refsource_CONFIRM | |
| http://www.zerodayinitiative.com/advisories/ZDI-06-006.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/428988/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015832"
},
{
"name": "17264",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17264"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.support.veritas.com/docs/281521.htm"
},
{
"name": "20060327 SYM06-006, Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/428992/100/0/threaded"
},
{
"name": "netbackup-bpdbm-sprintf-bo(25472)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25472"
},
{
"name": "19417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19417"
},
{
"name": "ADV-2006-1124",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1124"
},
{
"name": "VU#744137",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/744137"
},
{
"name": "642",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/642"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-006.html"
},
{
"name": "20060327 ZDI-06-006: Symantec VERITAS NetBackup Database Manager Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/428988/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015832"
},
{
"name": "17264",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17264"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.support.veritas.com/docs/281521.htm"
},
{
"name": "20060327 SYM06-006, Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/428992/100/0/threaded"
},
{
"name": "netbackup-bpdbm-sprintf-bo(25472)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25472"
},
{
"name": "19417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19417"
},
{
"name": "ADV-2006-1124",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1124"
},
{
"name": "VU#744137",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/744137"
},
{
"name": "642",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/642"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-006.html"
},
{
"name": "20060327 ZDI-06-006: Symantec VERITAS NetBackup Database Manager Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/428988/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015832",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015832"
},
{
"name": "17264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17264"
},
{
"name": "http://seer.support.veritas.com/docs/281521.htm",
"refsource": "CONFIRM",
"url": "http://seer.support.veritas.com/docs/281521.htm"
},
{
"name": "20060327 SYM06-006, Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428992/100/0/threaded"
},
{
"name": "netbackup-bpdbm-sprintf-bo(25472)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25472"
},
{
"name": "19417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19417"
},
{
"name": "ADV-2006-1124",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1124"
},
{
"name": "VU#744137",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/744137"
},
{
"name": "642",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/642"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-006.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-006.html"
},
{
"name": "20060327 ZDI-06-006: Symantec VERITAS NetBackup Database Manager Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428988/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0990",
"datePublished": "2006-03-28T00:00:00",
"dateReserved": "2006-03-03T00:00:00",
"dateUpdated": "2024-08-07T16:56:15.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-45461
Vulnerability from cvelistv5
Published
2022-11-17 00:00
Modified
2024-08-03 14:17
Severity ?
EPSS score ?
Summary
The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:17:03.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-17T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-015"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45461",
"datePublished": "2022-11-17T00:00:00",
"dateReserved": "2022-11-17T00:00:00",
"dateUpdated": "2024-08-03T14:17:03.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36988
Vulnerability from cvelistv5
Published
2022-07-28 00:55
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h6 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:55:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36988",
"datePublished": "2022-07-28T00:55:06",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42306
Vulnerability from cvelistv5
Published
2022-10-03 14:48
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-010#M1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:45.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-010#M1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T14:48:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-010#M1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-42306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-010#M1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-010#M1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42306",
"datePublished": "2022-10-03T14:48:27",
"dateReserved": "2022-10-03T00:00:00",
"dateUpdated": "2024-08-03T13:03:45.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36991
Vulnerability from cvelistv5
Published
2022-07-28 00:53
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:53:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36991",
"datePublished": "2022-07-28T00:53:39",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36952
Vulnerability from cvelistv5
Published
2022-07-27 20:59
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue6 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-27T20:59:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue6",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36952",
"datePublished": "2022-07-27T20:59:34",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6400
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96484 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96484"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96484"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96484"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6400",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6408
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1037950 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/96491 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8"
},
{
"name": "1037950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037950"
},
{
"name": "96491",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96491"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8"
},
{
"name": "1037950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037950"
},
{
"name": "96491",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96491"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8"
},
{
"name": "1037950",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037950"
},
{
"name": "96491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96491"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6408",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-36163
Vulnerability from cvelistv5
Published
2021-01-06 00:52
Modified
2024-08-04 17:23
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under C:\. If a low privileged user on the Windows system creates an affected path with a library that NetBackup attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This affects NetBackup master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade on all systems and post-install on Master, Media, and OpsCenter servers during normal operations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:09.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under C:\\. If a low privileged user on the Windows system creates an affected path with a library that NetBackup attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This affects NetBackup master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade on all systems and post-install on Master, Media, and OpsCenter servers during normal operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T00:52:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-36163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under C:\\. If a low privileged user on the Windows system creates an affected path with a library that NetBackup attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This affects NetBackup master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade on all systems and post-install on Master, Media, and OpsCenter servers during normal operations."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue2",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-36163",
"datePublished": "2021-01-06T00:52:20",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-04T17:23:09.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6399
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96490 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96490"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96490"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96490"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6399",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42300
Vulnerability from cvelistv5
Published
2022-10-03 14:49
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.)
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-013#M2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:45.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-013#M2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T14:49:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-013#M2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-42300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-013#M2",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-013#M2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42300",
"datePublished": "2022-10-03T14:49:21",
"dateReserved": "2022-10-03T00:00:00",
"dateUpdated": "2024-08-03T13:03:45.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36995
Vulnerability from cvelistv5
Published
2022-07-28 00:51
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:51:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36995",
"datePublished": "2022-07-28T00:51:31",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8857
Vulnerability from cvelistv5
Published
2017-05-09 21:00
Modified
2024-08-05 16:48
Severity ?
EPSS score ?
Summary
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98384 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2"
},
{
"name": "98384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the \u0027bprd\u0027 process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-11T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2"
},
{
"name": "98384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98384"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the \u0027bprd\u0027 process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2"
},
{
"name": "98384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98384"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8857",
"datePublished": "2017-05-09T21:00:00",
"dateReserved": "2017-05-09T00:00:00",
"dateUpdated": "2024-08-05T16:48:22.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h9 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h9 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda desencadenar de forma remota impactos que incluyen una lectura arbitraria de archivos, un ataque de tipo Server-Side Request Forgery (SSRF) y una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2022-36997",
"lastModified": "2024-11-21T07:14:14.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m2 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m2 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Bajo determinadas condiciones, un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda leer remotamente archivos en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36999",
"lastModified": "2024-11-21T07:14:15.287",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.307",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08683091-39C7-434B-9DD7-1D4EE92A8AC5",
"versionEndIncluding": "7.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2B28AB-46AF-4AAF-8F64-49FADA1E8211",
"versionEndIncluding": "2.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecuci\u00f3n remota privilegiada de comandos en NetBackup Server y Client (en el servidor o en un cliente conectado)."
}
],
"id": "CVE-2017-6407",
"lastModified": "2024-11-21T03:29:42.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:01.073",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96489"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037950"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-27 21:15
Modified
2024-11-21 07:14
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F750AB23-9889-44DB-8F69-5743253CA001",
"versionEndExcluding": "8.3.0.2",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3A7C9B-44E3-4DEF-B0CE-DC2F00564F61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
},
{
"lang": "es",
"value": "En Veritas NetBackup OpsCenter, un atacante remoto no autenticado puede comprometer el host al explotar una vulnerabilidad incorrectamente parcheada. Esto afecta a versiones 8.x hasta 8.3.0.2, 9.x hasta 9.0.0.1, 9.1.x hasta 9.1.0.1 y 10"
}
],
"id": "CVE-2022-36951",
"lastModified": "2024-11-21T07:14:08.347",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-27T21:15:08.977",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-09 21:29
Modified
2024-11-21 03:34
Severity ?
Summary
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98384 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98384 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACFAB5-377D-43E5-9991-5587B7829263",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the \u0027bprd\u0027 process."
},
{
"lang": "es",
"value": "Veritas NetBackup 8.0 y anteriores y NetBackup Appliance 3.0 y anteriores est\u00e1n afectadas por una copia de archivos sin autenticaci\u00f3n y ejecuci\u00f3n de comandos de forma arbitraria a trav\u00e9s del proceso \u0027bprd\u0027."
}
],
"id": "CVE-2017-8857",
"lastModified": "2024-11-21T03:34:51.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-09T21:29:00.753",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98384"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m5 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m5 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda crear arbitrariamente directorios en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36995",
"lastModified": "2024-11-21T07:14:14.633",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.107",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#c1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#c1 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions)."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup (en condiciones espec\u00edficas de notificaci\u00f3n)"
}
],
"id": "CVE-2022-36992",
"lastModified": "2024-11-21T07:14:14.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.957",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-27 21:15
Modified
2024-11-21 07:14
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F750AB23-9889-44DB-8F69-5743253CA001",
"versionEndExcluding": "8.3.0.2",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3A7C9B-44E3-4DEF-B0CE-DC2F00564F61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
},
{
"lang": "es",
"value": "En Veritas NetBackup OpsCenter, un atacante remoto no autenticado puede llevar a cabo la ejecuci\u00f3n de comandos remota mediante la manipulaci\u00f3n del cargador de clases de Java. Esto afecta a versiones 8.x hasta 8.3.0.2, 9.x hasta 9.0.0.1, 9.1.x hasta 9.1.0.1 y 10"
}
],
"id": "CVE-2022-36950",
"lastModified": "2024-11-21T07:14:08.180",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-27T21:15:08.927",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-07 14:59
Modified
2024-11-21 02:35
Severity ?
Summary
The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D99C75EB-3507-4704-A565-AB2CF5369A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC406C50-6C2B-4160-890F-29DC444DC886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "778FBECC-2C4C-45D5-A1E8-6678C541AA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46E3145F-197D-4860-AF50-8970CC803BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A17E4E50-9D65-460F-8BE1-27A174A6254A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A861A3-FF48-47AD-BDE0-323E12CB7819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC7B2BA-DC01-4611-921B-C8C94651F142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B7002266-E3B0-4A96-BE09-741A30E74B40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04D8275D-EE04-4BF7-9482-AE75A2E21F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C24158D-E922-4B07-8F67-58DD714346E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "658F2C00-3B49-4011-9F83-62ED504F7476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE16FC2F-C5E8-43E5-A644-F4D5FF06B464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A48563EA-D19E-4B62-8AE9-BE15D5EB8932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E294AFF-E630-4A50-B3DE-E16AF3E595E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B9465004-79E0-46B0-B66A-48F3665ADA8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8A0C61-6B44-4344-AFC9-834B5B653B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA84E2A3-6A57-4753-A6A6-61F6C4D817E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F92467E-E91F-464F-B8C0-8724E4DB83CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9CE3B-72E9-4A37-8E42-5495AB4E8C33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACD568CB-7839-4DD4-AA6C-E3F14D54477B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4356423A-17CF-4013-977B-F151BB5CC206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6B50CD5-C171-4E78-A22F-9B9ADFF505CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9E0A06-0022-43B1-9DFD-025D4FB13055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3F9EB4-412C-4CC0-95FC-8C56F1AAD880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F34BBD63-741B-4AAE-BFFE-7BAACFF1BCA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40301990-E272-40C0-90B7-FCDA3B4B5CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EAED7E07-8FFC-48AD-9D50-0D65ACEE1529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9163537F-6657-4758-A980-6CCC8283F51B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD0859E-A3D1-416B-B841-EB052CAF6CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "54A5CAC2-5DD8-4FAE-B661-32A0017A557A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D741998D-20C0-4627-BF23-023D6C341746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01F5DFE7-64AF-4228-A30A-340B7BAA86EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D479700-9A02-466B-A2CD-107F6EAF4AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E185B358-0805-4241-9960-23216974BEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B672A9C-7549-4120-A966-D24090575506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E464653E-CFE4-4F9E-A021-DB16D9CE6046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C760A6C-ADA4-4D5D-8C63-54B1B93B1DEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors."
},
{
"lang": "es",
"value": "La implementaci\u00f3n del protocolo management-services en Veritas NetBackup 7.x hasta la versi\u00f3n 7.5.0.7, 7.6.0.x hasta la versi\u00f3n 7.6.0.4, 7.6.1.x hasta la versi\u00f3n 7.6.1.2 y 7.7.x en versiones anteriores a 7.7.2 y NetBackup Appliance hasta la versi\u00f3n 2.5.4, 2.6.0.x hasta la versi\u00f3n 2.6.0.4, 2.6.1.x hasta la versi\u00f3n 2.6.1.2 y 2.7.x en versiones anteriores a 2.7.2 permite a atacantes remotos hacer llamadas RPC arbitrarias a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-6552",
"lastModified": "2024-11-21T02:35:12.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-07T14:59:02.570",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1035704"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-06 01:15
Modified
2024-11-21 05:28
Severity ?
9.3 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under C:\. If a low privileged user on the Windows system creates an affected path with a library that NetBackup attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This affects NetBackup master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade on all systems and post-install on Master, Media, and OpsCenter servers during normal operations.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BF089A0-933D-4543-B0FF-8CF6700194B0",
"versionEndIncluding": "8.3.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:opscenter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D8784FF-4C29-4CCB-A3A0-DEC2BFAAB7A3",
"versionEndIncluding": "8.3.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under C:\\. If a low privileged user on the Windows system creates an affected path with a library that NetBackup attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This affects NetBackup master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade on all systems and post-install on Master, Media, and OpsCenter servers during normal operations."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Veritas NetBackup y OpsCenter versiones hasta 8.3.0.1.\u0026#xa0;Los procesos de NetBackup que usan Strawberry Perl intentan cargar y ejecutar bibliotecas desde rutas que no existen por defecto en el sistema operativo de Windows.\u0026#xa0;Por defecto, en los sistemas Windows, los usuarios pueden crear directorios en C:\\.\u0026#xa0;Si un usuario poco privilegiado en el sistema Windows crea una ruta afectada con una biblioteca que NetBackup intenta cargar, puede ejecutar c\u00f3digo arbitrario como SYSTEM o Administrator.\u0026#xa0;Esto le otorga al atacante acceso de administrador al sistema, permitiendo al atacante (por defecto) acceder a todos los datos, acceder a todas las aplicaciones instaladas, etc. Esto afecta a los servidores maestros, servidores multimedia, clientes y servidores OpsCenter de NetBackup en la plataforma Windows.\u0026#xa0;El sistema es vulnerable durante una instalaci\u00f3n o actualizaci\u00f3n en todos los sistemas y despu\u00e9s de la instalaci\u00f3n en Servidores Master, Multimedia, y OpsCenter durante las operaciones normales"
}
],
"id": "CVE-2020-36163",
"lastModified": "2024-11-21T05:28:51.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-06T01:15:12.917",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-27 21:15
Modified
2024-11-21 07:14
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F750AB23-9889-44DB-8F69-5743253CA001",
"versionEndExcluding": "8.3.0.2",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3A7C9B-44E3-4DEF-B0CE-DC2F00564F61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
},
{
"lang": "es",
"value": "En Veritas NetBackup OpsCenter, ciertos puntos finales podr\u00edan permitir a un atacante remoto no autenticado obtener informaci\u00f3n confidencial. Esto afecta a versiones 8.x hasta 8.3.0.2, 9.x hasta 9.0.0.1, 9.1.x hasta 9.1.0.1 y 10"
}
],
"id": "CVE-2022-36953",
"lastModified": "2024-11-21T07:14:08.647",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-27T21:15:09.083",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h6 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h6 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un servidor NetBackup OpsCenter, un servidor NetBackup Primary o un servidor NetBackup Media podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor NetBackup Primary o un servidor NetBackup Media"
}
],
"id": "CVE-2022-36988",
"lastModified": "2024-11-21T07:14:13.443",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.760",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-27 21:15
Modified
2024-11-21 07:14
Severity ?
9.3 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F750AB23-9889-44DB-8F69-5743253CA001",
"versionEndExcluding": "8.3.0.2",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3A7C9B-44E3-4DEF-B0CE-DC2F00564F61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
},
{
"lang": "es",
"value": "En Veritas NetBackup OpsCenter, un atacante con acceso local a un servidor de NetBackup OpsCenter podr\u00eda escalar sus privilegios. Esto afecta a versiones 8.x hasta 8.3.0.2, 9.x hasta 9.0.0.1, 9.1.x hasta 9.1.0.1 y 10"
}
],
"id": "CVE-2022-36949",
"lastModified": "2024-11-21T07:14:08.000",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-27T21:15:08.870",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m6 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m6 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A22BA0AF-70FB-4948-B047-E62EA64EFFC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso a un cliente de NetBackup podr\u00eda recopilar de forma remota informaci\u00f3n sobre cualquier host conocido por un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36996",
"lastModified": "2024-11-21T07:14:14.793",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-03-28 00:06
Modified
2024-11-21 00:07
Severity ?
Summary
Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:4.5.0:fp:businessserver:*:*:*:*:*",
"matchCriteriaId": "74DFFDE3-533A-4F35-949A-C85CBFCD7C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:4.5.0:fp:datacenter:*:*:*:*:*",
"matchCriteriaId": "F7B2572C-C560-4D7F-8824-A04DA07583FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:4.5.0:mp:businessserver:*:*:*:*:*",
"matchCriteriaId": "BCA898F1-6E9A-41DE-ABB3-4006D16CF315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:4.5.0:mp:datacenter:*:*:*:*:*",
"matchCriteriaId": "6F18487E-ADA8-4362-9F50-73568716825A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:5.0:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "E3592CA8-4F02-421D-B373-A859231A447E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:5.0:*:server:*:*:*:*:*",
"matchCriteriaId": "790282C3-9148-4D78-95ED-058D2166EB92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:5.1:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "D6AD552C-8462-4B56-865C-7858A1892E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:5.1:*:server:*:*:*:*:*",
"matchCriteriaId": "F570650A-8E21-4F66-B4D2-447FBB8EA9D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:6.0:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "BE706E94-7808-4C59-A17D-0E300D5E939D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:6.0:*:server:*:*:*:*:*",
"matchCriteriaId": "2B52E958-2728-48C8-ACBC-CED68045A9FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors."
}
],
"id": "CVE-2006-0990",
"lastModified": "2024-11-21T00:07:47.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-28T00:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19417"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/642"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015832"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://seer.support.veritas.com/docs/281521.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/744137"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/428988/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/428992/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17264"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1124"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-006.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://seer.support.veritas.com/docs/281521.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/744137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/428988/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/428992/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25472"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-03 15:15
Modified
2024-11-21 07:24
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-011#C1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-011#C1 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E91EC90-E9E0-44C7-B8B2-FD444C3E54C3",
"versionEndIncluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0 y productos relacionados de Veritas. El servidor primario de NetBackup es vulnerable a un ataque de inyecci\u00f3n SQL afectando al servicio NBFSMCLIENT"
}
],
"id": "CVE-2022-42302",
"lastModified": "2024-11-21T07:24:41.983",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-03T15:15:20.983",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-011#C1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-011#C1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-03 15:15
Modified
2024-11-21 07:24
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-012#M2 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-012#M2 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69934CDE-4DC7-4E6F-8FE1-2D4FACA7F7B5",
"versionEndIncluding": "10.0.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0.0.1 y en los productos de Veritas relacionados. El servidor NetBackup Primary es vulnerable a un ataque de tipo XML External Entity (XXE) por medio del servicio DiscoveryService"
}
],
"id": "CVE-2022-42307",
"lastModified": "2024-11-21T07:24:42.790",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-03T15:15:22.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-012#M2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-012#M2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8C34AB-3048-4751-8D54-3EA11B7BC205",
"versionEndIncluding": "7.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08683091-39C7-434B-9DD7-1D4EE92A8AC5",
"versionEndIncluding": "7.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2B28AB-46AF-4AAF-8F64-49FADA1E8211",
"versionEndIncluding": "2.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system)."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecuci\u00f3n privilegiada de comandos en NetBackup Server y Client (en el sistema local)."
}
],
"id": "CVE-2017-6400",
"lastModified": "2024-11-21T03:29:41.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:00.573",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96484"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-09 21:29
Modified
2024-11-21 03:34
Severity ?
Summary
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98379 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98379 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACFAB5-377D-43E5-9991-5587B7829263",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the \u0027bprd\u0027 process."
},
{
"lang": "es",
"value": "En Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores, hay una ejecuci\u00f3n de comandos remotos arbitrarios no autenticados utilizando el proceso \u0027bprd\u0027."
}
],
"id": "CVE-2017-8856",
"lastModified": "2024-11-21T03:34:51.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-09T21:29:00.723",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98379"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACFAB5-377D-43E5-9991-5587B7829263",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 8.0 y NetBackup Appliance en versiones anteriores a 3.0. NetBackup Cloud Storage Service utiliza un nombre de usuario y contrase\u00f1a codificados."
}
],
"id": "CVE-2017-6403",
"lastModified": "2024-11-21T03:29:41.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:00.667",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96500"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-03-28 00:06
Modified
2024-11-21 00:07
Severity ?
Summary
Stack-based buffer overflow in the volume manager daemon (vmd) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:4.5.0:fp:businessserver:*:*:*:*:*",
"matchCriteriaId": "74DFFDE3-533A-4F35-949A-C85CBFCD7C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:4.5.0:fp:datacenter:*:*:*:*:*",
"matchCriteriaId": "F7B2572C-C560-4D7F-8824-A04DA07583FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:4.5.0:mp:businessserver:*:*:*:*:*",
"matchCriteriaId": "BCA898F1-6E9A-41DE-ABB3-4006D16CF315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:4.5.0:mp:datacenter:*:*:*:*:*",
"matchCriteriaId": "6F18487E-ADA8-4362-9F50-73568716825A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:5.0:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "E3592CA8-4F02-421D-B373-A859231A447E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:5.0:*:server:*:*:*:*:*",
"matchCriteriaId": "790282C3-9148-4D78-95ED-058D2166EB92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:5.1:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "D6AD552C-8462-4B56-865C-7858A1892E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:5.1:*:server:*:*:*:*:*",
"matchCriteriaId": "F570650A-8E21-4F66-B4D2-447FBB8EA9D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:6.0:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "BE706E94-7808-4C59-A17D-0E300D5E939D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:6.0:*:server:*:*:*:*:*",
"matchCriteriaId": "2B52E958-2728-48C8-ACBC-CED68045A9FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the volume manager daemon (vmd) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors."
}
],
"id": "CVE-2006-0989",
"lastModified": "2024-11-21T00:07:47.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-28T00:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/639"
},
{
"source": "cve@mitre.org",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015832"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://seer.support.veritas.com/docs/281521.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/880801"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/24172"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/428944/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17264"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1124"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-005.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://seer.support.veritas.com/docs/281521.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/880801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/24172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/428944/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25471"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h7 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h7 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso local no privilegiado a un servidor primario de Windows NetBackup podr\u00eda escalar potencialmente sus privilegios"
}
],
"id": "CVE-2022-36985",
"lastModified": "2024-11-21T07:14:12.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-09 21:29
Modified
2024-11-21 03:34
Severity ?
Summary
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98381 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98381 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACFAB5-377D-43E5-9991-5587B7829263",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the \u0027bprd\u0027 process."
},
{
"lang": "es",
"value": "En Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y anteriores, existe una escritura con privilegios remota de archivos no autenticada utilizando el proceso \u0027bprd\u0027."
}
],
"id": "CVE-2017-8858",
"lastModified": "2024-11-21T03:34:51.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-09T21:29:00.787",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98381"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-27 21:15
Modified
2024-11-21 07:14
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC735CA-9312-4C5C-8FD1-8821A423B19E",
"versionEndIncluding": "8.1.2",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3564F63C-D9E3-429A-BCBA-2F29FBEB3C3F",
"versionEndIncluding": "8.3.0.2",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3A7C9B-44E3-4DEF-B0CE-DC2F00564F61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1."
},
{
"lang": "es",
"value": "En Veritas NetBackup, un atacante con acceso local no privilegiado a un Cliente NetBackup puede enviar comandos espec\u00edficos para escalar sus privilegios. Esto afecta a versiones 8.0 hasta 8.1.2, 8.2, 8.3 hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1"
}
],
"id": "CVE-2022-36955",
"lastModified": "2024-11-21T07:14:08.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-27T21:15:09.190",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACFAB5-377D-43E5-9991-5587B7829263",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. La seguridad basada en nombre de host est\u00e1 abierta a la suplantaci\u00f3n de DNS."
}
],
"id": "CVE-2017-6405",
"lastModified": "2024-11-21T03:29:42.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:00.870",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96488"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-27 21:15
Modified
2024-11-21 07:14
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F750AB23-9889-44DB-8F69-5743253CA001",
"versionEndExcluding": "8.3.0.2",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3A7C9B-44E3-4DEF-B0CE-DC2F00564F61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
},
{
"lang": "es",
"value": "En Veritas NetBackup OpsCenter, puede producirse un ataque de tipo DOM XSS. Esto afecta a versiones 8.x hasta 8.3.0.2, 9.x hasta 9.0.0.1, 9.1.x hasta 9.1.0.1 y 10"
}
],
"id": "CVE-2022-36948",
"lastModified": "2024-11-21T07:14:07.850",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-27T21:15:08.817",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue7"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-03 15:15
Modified
2024-11-21 07:24
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-013#M1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-013#M1 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69934CDE-4DC7-4E6F-8FE1-2D4FACA7F7B5",
"versionEndIncluding": "10.0.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0.0.1 y en los productos de Veritas relacionados. El servidor NetBackup Primary es vulnerable a un ataque de tipo XML External Entity (XXE) mediante el proceso nbars"
}
],
"id": "CVE-2022-42301",
"lastModified": "2024-11-21T07:24:41.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-03T15:15:20.730",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-013#M1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-013#M1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-27 21:15
Modified
2024-11-21 07:14
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F750AB23-9889-44DB-8F69-5743253CA001",
"versionEndExcluding": "8.3.0.2",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3A7C9B-44E3-4DEF-B0CE-DC2F00564F61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
},
{
"lang": "es",
"value": "En Veritas NetBackup OpsCenter, se presenta una credencial embebida que podr\u00eda usarse para explotar el subsistema VxSS subyacente. Esto afecta a versiones 8.x hasta 8.3.0.2, 9.x hasta 9.0.0.1, 9.1.x hasta 9.1.0.1 y 10"
}
],
"id": "CVE-2022-36952",
"lastModified": "2024-11-21T07:14:08.500",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-27T21:15:09.027",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACFAB5-377D-43E5-9991-5587B7829263",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. Puede ocurrir una condici\u00f3n de carrera de escalada de privilegios locales en pbx_exchange cuando un usuario local se conecta a un socket antes de que se aseguren los permisos."
}
],
"id": "CVE-2017-6408",
"lastModified": "2024-11-21T03:29:42.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:01.120",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96491"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037950"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h2 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h2 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36989",
"lastModified": "2024-11-21T07:14:13.613",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.810",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-07 14:59
Modified
2024-11-21 02:35
Severity ?
Summary
Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D99C75EB-3507-4704-A565-AB2CF5369A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC406C50-6C2B-4160-890F-29DC444DC886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "778FBECC-2C4C-45D5-A1E8-6678C541AA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46E3145F-197D-4860-AF50-8970CC803BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A17E4E50-9D65-460F-8BE1-27A174A6254A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A861A3-FF48-47AD-BDE0-323E12CB7819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC7B2BA-DC01-4611-921B-C8C94651F142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B7002266-E3B0-4A96-BE09-741A30E74B40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04D8275D-EE04-4BF7-9482-AE75A2E21F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C24158D-E922-4B07-8F67-58DD714346E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "658F2C00-3B49-4011-9F83-62ED504F7476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE16FC2F-C5E8-43E5-A644-F4D5FF06B464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A48563EA-D19E-4B62-8AE9-BE15D5EB8932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E294AFF-E630-4A50-B3DE-E16AF3E595E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B9465004-79E0-46B0-B66A-48F3665ADA8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8A0C61-6B44-4344-AFC9-834B5B653B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA84E2A3-6A57-4753-A6A6-61F6C4D817E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F92467E-E91F-464F-B8C0-8724E4DB83CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9CE3B-72E9-4A37-8E42-5495AB4E8C33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACD568CB-7839-4DD4-AA6C-E3F14D54477B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4356423A-17CF-4013-977B-F151BB5CC206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6B50CD5-C171-4E78-A22F-9B9ADFF505CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9E0A06-0022-43B1-9DFD-025D4FB13055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3F9EB4-412C-4CC0-95FC-8C56F1AAD880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F34BBD63-741B-4AAE-BFFE-7BAACFF1BCA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40301990-E272-40C0-90B7-FCDA3B4B5CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EAED7E07-8FFC-48AD-9D50-0D65ACEE1529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9163537F-6657-4758-A980-6CCC8283F51B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD0859E-A3D1-416B-B841-EB052CAF6CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "54A5CAC2-5DD8-4FAE-B661-32A0017A557A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D741998D-20C0-4627-BF23-023D6C341746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01F5DFE7-64AF-4228-A30A-340B7BAA86EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D479700-9A02-466B-A2CD-107F6EAF4AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E185B358-0805-4241-9960-23216974BEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B672A9C-7549-4120-A966-D24090575506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E464653E-CFE4-4F9E-A021-DB16D9CE6046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C760A6C-ADA4-4D5D-8C63-54B1B93B1DEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets."
},
{
"lang": "es",
"value": "Veritas NetBackup 7.x hasta la versi\u00f3n 7.5.0.7 y 7.6.0.x hasta la versi\u00f3n 7.6.0.4 y NetBackup Appliance hasta la versi\u00f3n 2.5.4 y 2.6.0.x hasta la versi\u00f3n 2.6.0.4 no utilizan TLS para el tr\u00e1fico de la consola de administraci\u00f3n al servidor NBU, lo que permite a atacantes remotos obtener informaci\u00f3n sensible husmeando la red en busca de paquetes de intercambio de clave."
}
],
"id": "CVE-2015-6551",
"lastModified": "2024-11-21T02:35:12.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-07T14:59:01.197",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1035704"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-03 15:15
Modified
2024-11-21 07:24
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-013#M2 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-013#M2 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69934CDE-4DC7-4E6F-8FE1-2D4FACA7F7B5",
"versionEndIncluding": "10.0.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.)"
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0.0.1 y en los productos de Veritas relacionados. El proceso nbars del servidor primario de NetBackup puede bloquearse resultando en una denegaci\u00f3n de servicio. (Nota: el servicio watchdog reiniciar\u00e1 autom\u00e1ticamente el proceso)"
}
],
"id": "CVE-2022-42300",
"lastModified": "2024-11-21T07:24:41.680",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-03T15:15:20.467",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-013#M2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-013#M2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h1 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36993",
"lastModified": "2024-11-21T07:14:14.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.007",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-03 15:15
Modified
2024-11-21 07:24
Severity ?
9.0 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-010#C1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-010#C1 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "259A98B6-72FE-4B1D-8675-65203DFC6D4B",
"versionEndIncluding": "8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones hasta 8.2 y productos relacionados de Veritas. Un atacante con acceso local puede eliminar archivos arbitrarios al aprovechar un salto de ruta en el c\u00f3digo de registro pbx_exchange"
}
],
"id": "CVE-2022-42308",
"lastModified": "2024-11-21T07:24:42.943",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.8,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-03T15:15:22.600",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-010#C1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-010#C1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8C34AB-3048-4751-8D54-3EA11B7BC205",
"versionEndIncluding": "7.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08683091-39C7-434B-9DD7-1D4EE92A8AC5",
"versionEndIncluding": "7.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2B28AB-46AF-4AAF-8F64-49FADA1E8211",
"versionEndIncluding": "2.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecuci\u00f3n remota privilegiada de comandos en NetBackup Server y Client (en el servidor o en un cliente conectado)."
}
],
"id": "CVE-2017-6399",
"lastModified": "2024-11-21T03:29:41.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:00.543",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96490"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-27 21:15
Modified
2024-11-21 07:14
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F750AB23-9889-44DB-8F69-5743253CA001",
"versionEndExcluding": "8.3.0.2",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3A7C9B-44E3-4DEF-B0CE-DC2F00564F61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10."
},
{
"lang": "es",
"value": "En Veritas NetBackup OpsCenter, bajo condiciones espec\u00edficas, un atacante remoto autenticado puede ser capaz de crear o modificar cuentas de usuario de OpsCenter. Esto afecta a versiones 8.x hasta 8.3.0.2, 9.x hasta 9.0.0.1, 9.1.x hasta 9.1.0.1 y 10"
}
],
"id": "CVE-2022-36954",
"lastModified": "2024-11-21T07:14:08.800",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-27T21:15:09.133",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#c2 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#c2 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un Cliente NetBackup podr\u00eda escribir remotamente archivos arbitrarios en ubicaciones arbitrarias desde cualquier Cliente a cualquier otro Cliente por medio de un servidor primario"
}
],
"id": "CVE-2022-36990",
"lastModified": "2024-11-21T07:14:13.793",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.857",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-03 15:15
Modified
2024-11-21 07:24
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-010#M1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-010#M1 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "259A98B6-72FE-4B1D-8675-65203DFC6D4B",
"versionEndIncluding": "8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones hasta 8.2 y en los productos de Veritas relacionados. Un atacante con acceso local puede enviar un paquete dise\u00f1ado a pbx_exchange durante el registro y causar una excepci\u00f3n de puntero NULL, bloqueando efectivamente el proceso pbx_exchange"
}
],
"id": "CVE-2022-42306",
"lastModified": "2024-11-21T07:24:42.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-03T15:15:22.077",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-010#M1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-010#M1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACFAB5-377D-43E5-9991-5587B7829263",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. Puede ocurrir la denegaci\u00f3n de servicio que afecte al servidor NetBackup."
}
],
"id": "CVE-2017-6402",
"lastModified": "2024-11-21T03:29:41.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:00.620",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96485"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACFAB5-377D-43E5-9991-5587B7829263",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. Interfaces CORBA no autenticadas permiten acceso inapropiado."
}
],
"id": "CVE-2017-6409",
"lastModified": "2024-11-21T03:29:42.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:01.153",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96504"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037950"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-17 08:15
Modified
2024-11-21 07:29
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FC0719C-6D19-4A91-9113-4E3CFE95E317",
"versionEndIncluding": "10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root."
},
{
"lang": "es",
"value": "La Consola de administraci\u00f3n de Java en Veritas NetBackup hasta 10.1 y productos Veritas relacionados en Linux y UNIX permite a usuarios no root autenticados (que se han agregado expl\u00edcitamente al archivo auth.conf) ejecutar comandos arbitrarios como root."
}
],
"id": "CVE-2022-45461",
"lastModified": "2024-11-21T07:29:17.963",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-17T08:15:09.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-015"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-06 01:15
Modified
2024-11-21 05:28
Severity ?
9.3 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an affected path with a library that the Veritas product attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability affects master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade and post-install during normal operations.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BF089A0-933D-4543-B0FF-8CF6700194B0",
"versionEndIncluding": "8.3.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:opscenter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D8784FF-4C29-4CCB-A3A0-DEC2BFAAB7A3",
"versionEndIncluding": "8.3.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an affected path with a library that the Veritas product attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability affects master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade and post-install during normal operations."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Veritas NetBackup versiones hasta 8.3.0.1 y OpsCenter versiones hasta 8.3.0.1.\u0026#xa0;Los procesos que usan OpenSSL intentan cargar y ejecutar bibliotecas desde rutas que no existen por defecto en el sistema operativo Windows.\u0026#xa0;Por defecto, en sistemas Windows, los usuarios pueden crear directorios sobre el nivel superior de cualquier unidad.\u0026#xa0;Si un usuario poco privilegiado crea una ruta afectada con una biblioteca que el producto de Veritas intenta cargar, puede ejecutar c\u00f3digo arbitrario como SYSTEM o Administrator.\u0026#xa0;Esto le otorga al atacante acceso de administrador al sistema, permitiendo al atacante (por defecto) acceder a todos los datos, acceder a todas las aplicaciones instaladas, etc. Esta vulnerabilidad afecta a los servidores maestros, servidores multimedia, clientes y servidores OpsCenter en la plataforma Windows.\u0026#xa0;El sistema es vulnerable durante una instalaci\u00f3n o actualizaci\u00f3n y despu\u00e9s de la instalaci\u00f3n durante las operaciones normales"
}
],
"id": "CVE-2020-36169",
"lastModified": "2024-11-21T05:28:52.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-06T01:15:13.293",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACFAB5-377D-43E5-9991-5587B7829263",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 8.0 y NetBackup Appliance en versiones anteriores a 3.0. Puede ocurrir ejecuci\u00f3n local arbitraria de comandos cuando se utiliza bpcd y bpnbat."
}
],
"id": "CVE-2017-6401",
"lastModified": "2024-11-21T03:29:41.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:00.590",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96493"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C62C533-7F68-42EB-B10F-7758EEBB4731",
"versionEndIncluding": "7.6.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09A5F0E3-7DE8-49B2-9836-CF442BBD5E54",
"versionEndIncluding": "2.6.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7 y NetBackup Appliance en versiones anteriores a 2.7. Existen archivos de registro de escritura universal, permitiendo la destrucci\u00f3n o suplantaci\u00f3n de datos de registro."
}
],
"id": "CVE-2017-6404",
"lastModified": "2024-11-21T03:29:41.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:00.793",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96494"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-03 15:15
Modified
2024-11-21 07:24
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-011#H1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-011#H1 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E91EC90-E9E0-44C7-B8B2-FD444C3E54C3",
"versionEndIncluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0 y en los productos de Veritas relacionados. El servidor primario de NetBackup es vulnerable a un ataque de inyecci\u00f3n SQL de segundo orden afectando al servicio NBFSMCLIENT aprovechando CVE-2022-42302"
}
],
"id": "CVE-2022-42303",
"lastModified": "2024-11-21T07:24:42.147",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-03T15:15:21.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-011#H1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-011#H1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-03-28 00:06
Modified
2024-11-21 00:07
Severity ?
Summary
Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted "Request Service" packets to the vnetd service (TCP port 13724).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:4.5.0:fp:businessserver:*:*:*:*:*",
"matchCriteriaId": "74DFFDE3-533A-4F35-949A-C85CBFCD7C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:4.5.0:fp:datacenter:*:*:*:*:*",
"matchCriteriaId": "F7B2572C-C560-4D7F-8824-A04DA07583FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:4.5.0:mp:businessserver:*:*:*:*:*",
"matchCriteriaId": "BCA898F1-6E9A-41DE-ABB3-4006D16CF315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:4.5.0:mp:datacenter:*:*:*:*:*",
"matchCriteriaId": "6F18487E-ADA8-4362-9F50-73568716825A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:5.0:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "E3592CA8-4F02-421D-B373-A859231A447E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:5.0:*:server:*:*:*:*:*",
"matchCriteriaId": "790282C3-9148-4D78-95ED-058D2166EB92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:5.1:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "D6AD552C-8462-4B56-865C-7858A1892E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:5.1:*:server:*:*:*:*:*",
"matchCriteriaId": "F570650A-8E21-4F66-B4D2-447FBB8EA9D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:6.0:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "BE706E94-7808-4C59-A17D-0E300D5E939D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:6.0:*:server:*:*:*:*:*",
"matchCriteriaId": "2B52E958-2728-48C8-ACBC-CED68045A9FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted \"Request Service\" packets to the vnetd service (TCP port 13724)."
}
],
"id": "CVE-2006-0991",
"lastModified": "2024-11-21T00:07:48.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-28T00:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19417"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015832"
},
{
"source": "cve@mitre.org",
"url": "http://seer.support.veritas.com/docs/281521.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/377441"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/428979/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17264"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-01.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1124"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seer.support.veritas.com/docs/281521.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/377441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/428979/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25473"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-03 15:15
Modified
2024-11-21 07:24
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-012#M3 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-012#M3 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69934CDE-4DC7-4E6F-8FE1-2D4FACA7F7B5",
"versionEndIncluding": "10.0.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0.0.1 y en los productos de Veritas relacionados. El servidor primario de NetBackup es vulnerable a un ataque de denegaci\u00f3n de servicio mediante el servicio DiscoveryService"
}
],
"id": "CVE-2022-42299",
"lastModified": "2024-11-21T07:24:41.520",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-03T15:15:20.027",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-012#M3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-012#M3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-03 15:15
Modified
2024-11-21 07:24
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-011#H2 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-011#H2 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E91EC90-E9E0-44C7-B8B2-FD444C3E54C3",
"versionEndIncluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0 y los productos Veritas relacionados. El servidor primario de NetBackup es vulnerable a un ataque de inyecci\u00f3n SQL que afecta al c\u00f3digo de los gestores idm, nbars y SLP"
}
],
"id": "CVE-2022-42304",
"lastModified": "2024-11-21T07:24:42.300",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-03T15:15:21.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-011#H2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-011#H2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-03 15:15
Modified
2024-11-21 07:24
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-012#M1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-012#M1 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69934CDE-4DC7-4E6F-8FE1-2D4FACA7F7B5",
"versionEndIncluding": "10.0.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0.0.1 y en los productos de Veritas relacionados. El servidor primario de NetBackup es vulnerable a un ataque de Salto de Ruta mediante el servicio DiscoveryService"
}
],
"id": "CVE-2022-42305",
"lastModified": "2024-11-21T07:24:42.457",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-03T15:15:21.807",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-012#M1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-012#M1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-07 14:59
Modified
2024-11-21 02:35
Severity ?
Summary
bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D99C75EB-3507-4704-A565-AB2CF5369A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC406C50-6C2B-4160-890F-29DC444DC886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "778FBECC-2C4C-45D5-A1E8-6678C541AA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46E3145F-197D-4860-AF50-8970CC803BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A17E4E50-9D65-460F-8BE1-27A174A6254A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A861A3-FF48-47AD-BDE0-323E12CB7819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC7B2BA-DC01-4611-921B-C8C94651F142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B7002266-E3B0-4A96-BE09-741A30E74B40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04D8275D-EE04-4BF7-9482-AE75A2E21F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C24158D-E922-4B07-8F67-58DD714346E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "658F2C00-3B49-4011-9F83-62ED504F7476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE16FC2F-C5E8-43E5-A644-F4D5FF06B464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A48563EA-D19E-4B62-8AE9-BE15D5EB8932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E294AFF-E630-4A50-B3DE-E16AF3E595E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B9465004-79E0-46B0-B66A-48F3665ADA8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8A0C61-6B44-4344-AFC9-834B5B653B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA84E2A3-6A57-4753-A6A6-61F6C4D817E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F92467E-E91F-464F-B8C0-8724E4DB83CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9CE3B-72E9-4A37-8E42-5495AB4E8C33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACD568CB-7839-4DD4-AA6C-E3F14D54477B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4356423A-17CF-4013-977B-F151BB5CC206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6B50CD5-C171-4E78-A22F-9B9ADFF505CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9E0A06-0022-43B1-9DFD-025D4FB13055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3F9EB4-412C-4CC0-95FC-8C56F1AAD880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F34BBD63-741B-4AAE-BFFE-7BAACFF1BCA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40301990-E272-40C0-90B7-FCDA3B4B5CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EAED7E07-8FFC-48AD-9D50-0D65ACEE1529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9163537F-6657-4758-A980-6CCC8283F51B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD0859E-A3D1-416B-B841-EB052CAF6CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "54A5CAC2-5DD8-4FAE-B661-32A0017A557A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D741998D-20C0-4627-BF23-023D6C341746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01F5DFE7-64AF-4228-A30A-340B7BAA86EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D479700-9A02-466B-A2CD-107F6EAF4AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E185B358-0805-4241-9960-23216974BEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B672A9C-7549-4120-A966-D24090575506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E464653E-CFE4-4F9E-A021-DB16D9CE6046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C760A6C-ADA4-4D5D-8C63-54B1B93B1DEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input."
},
{
"lang": "es",
"value": "bpcd en Veritas NetBackup 7.x hasta la versi\u00f3n 7.5.0.7, 7.6.0.x hasta la versi\u00f3n 7.6.0.4, 7.6.1.x hasta la versi\u00f3n 7.6.1.2 y 7.7.x en versiones anteriores a 7.7.2 y NetBackup Appliance hasta la versi\u00f3n 2.5.4, 2.6.0.x hasta la versi\u00f3n 2.6.0.4, 2.6.1.x hasta la versi\u00f3n 2.6.1.2 y 2.7.x en versiones anteriores a 2.7.2 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de la entrada manipulada."
}
],
"id": "CVE-2015-6550",
"lastModified": "2024-11-21T02:35:12.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-07T14:59:00.163",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1035704"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8C34AB-3048-4751-8D54-3EA11B7BC205",
"versionEndIncluding": "7.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08683091-39C7-434B-9DD7-1D4EE92A8AC5",
"versionEndIncluding": "7.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2B28AB-46AF-4AAF-8F64-49FADA1E8211",
"versionEndIncluding": "2.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with \"../\" substrings, can occur."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecuci\u00f3n arbitraria de comandos privilegiados, usando el escape del directorio de lista blanca con subcadenas \"../\"."
}
],
"id": "CVE-2017-6406",
"lastModified": "2024-11-21T03:29:42.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:00.980",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96486"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-23 04:17
Modified
2024-11-21 07:55
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A281F692-A6C6-4167-A02A-8296C1D15D3C",
"versionEndExcluding": "8.3.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files."
}
],
"id": "CVE-2023-28758",
"lastModified": "2024-11-21T07:55:56.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-23T04:17:11.923",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS23-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS23-003"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-19 13:15
Modified
2024-11-21 06:26
Severity ?
Summary
Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C93B41BD-3F05-4130-BDDE-14A2E0B08B90",
"versionEndExcluding": "9.0.0.1",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation."
},
{
"lang": "es",
"value": "Veritas NetBackup OpsCenter Analytics versi\u00f3n 9.1, permite un uso de tipo XSS por medio de los campos NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password durante una operaci\u00f3n de A\u00f1adir Ajustes/Configuraci\u00f3n"
}
],
"id": "CVE-2021-41570",
"lastModified": "2024-11-21T06:26:27.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-19T13:15:07.980",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-007"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/support/en_US/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/support/en_US/security"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m4 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m4 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda leer arbitrariamente archivos de un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36994",
"lastModified": "2024-11-21T07:14:14.463",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.053",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:3.4.0:*:businessserver:*:*:*:*:*",
"matchCriteriaId": "B0A9F84C-E5EF-441B-89A2-FAA8D4968681",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:3.4.0:*:datacenter:*:*:*:*:*",
"matchCriteriaId": "B8967ED7-3FE2-4F38-AA20-FCEC0C3D2CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:3.4.1:*:businessserver:*:*:*:*:*",
"matchCriteriaId": "BACC4230-D744-49CE-BAB8-7D3D11877B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:3.4.1:*:datacenter:*:*:*:*:*",
"matchCriteriaId": "6EC2AABD-38A2-4BC4-AD91-8205808CD302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:4.5.0:*:businessserver:*:*:*:*:*",
"matchCriteriaId": "E5CD1A9D-8EC4-4435-A266-46EB53C0C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:4.5.0:*:datacenter:*:*:*:*:*",
"matchCriteriaId": "DDB99533-907E-48FD-85F5-495263CE59F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:5.0:*:server:*:*:*:*:*",
"matchCriteriaId": "790282C3-9148-4D78-95ED-058D2166EB92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:5.1:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "D6AD552C-8462-4B56-865C-7858A1892E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:5.1:*:server:*:*:*:*:*",
"matchCriteriaId": "F570650A-8E21-4F66-B4D2-447FBB8EA9D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature."
}
],
"id": "CVE-2004-1389",
"lastModified": "2024-11-20T23:50:45.977",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.5,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12901/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://seer.support.veritas.com/docs/271727.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ciac.org/ciac/bulletins/p-020.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/685456"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11494"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12901/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://seer.support.veritas.com/docs/271727.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ciac.org/ciac/bulletins/p-020.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/685456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17811"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-27 21:15
Modified
2024-11-21 07:14
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. The affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3A7C9B-44E3-4DEF-B0CE-DC2F00564F61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. The affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1."
},
{
"lang": "es",
"value": "En Veritas NetBackup, el Cliente NetBackup permite una ejecuci\u00f3n de comandos arbitrarios desde cualquier host remoto que tenga acceso a un certificado/clave privada de NetBackup con un ID de host v\u00e1lido del mismo dominio. Afecta a versiones 9.0.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1"
}
],
"id": "CVE-2022-36956",
"lastModified": "2024-11-21T07:14:09.120",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-27T21:15:09.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h8 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h8 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda desencadenar de forma remota un ataque de denegaci\u00f3n de servicio contra un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36984",
"lastModified": "2024-11-21T07:14:12.733",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.543",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m3 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m3 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda desencadenar de forma remota un desbordamiento del b\u00fafer basado en la pila en el servidor primario de NetBackup, resultando en una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2022-36998",
"lastModified": "2024-11-21T07:14:15.127",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.257",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h4 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h4 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda escribir arbitrariamente archivos en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36987",
"lastModified": "2024-11-21T07:14:13.280",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-23 04:17
Modified
2024-11-21 07:55
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C4B1AB-DBDB-414C-8ACD-6025F4D329CA",
"versionEndExcluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system."
}
],
"id": "CVE-2023-28759",
"lastModified": "2024-11-21T07:55:56.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-23T04:17:13.260",
"references": [
{
"source": "cve@mitre.org",
"url": "https://www.veritas.com/content/support/en_US/security/VTS23-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.veritas.com/content/support/en_US/security/VTS23-006"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h3 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h3 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso no autenticado podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36986",
"lastModified": "2024-11-21T07:14:13.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m1 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Bajo determinadas condiciones, un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda leer remotamente archivos en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-37000",
"lastModified": "2024-11-21T07:14:15.457",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.370",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h5 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h5 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un Cliente NetBackup podr\u00eda escribir arbitrariamente contenido en una ruta parcialmente controlada en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36991",
"lastModified": "2024-11-21T07:14:13.963",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}